Sunday, January 31, 2010

twiblog

I said I wouldn't touch Facebook again for a while, but as long as I'm wasting a perfectly good Sunday morning sitting at the computer instead of making cornmeal blueberry pancakes (sorry, Shelley, not that into bananas):

For getting notices of new blog posts tweeted, the instructions are here.  Do they work?  We'll see.

A limited application of the other direction would also be nice---viz., a button that points to my twitter feed (not auto-posting tweets, which is just (a) wrong, (b) pathetic given how rarely I twit, and (c) a complete conflation of conceptually different media). There's probably a gadget that can be added.

But no: for now, baby steps. Especially since I seem to have obtained my first unknown follower on twitter.  In the words of Morris Day, "Hello; do I know you?"

in my face...

Fine. I give up. Facebook rules the world. What the heck. I'll sign up.

I've followed the Sophos recommendations on security settings, which took quite a while to wade through.  If Google's mantra is "Do no evil", I think Facebook's is "G'head, it's just a little apple".

It's actually a little scary, seeing the "Who you might know" list.  A couple (recently) former co-workers: ok.  A close friend or two: fine.  A woman I went on a couple dates with: weird.  But a guy who worked for one of our subcontractors off and on a year or two ago?  Somebody who, if he's the Murray I think he is, came down from Phoenix twice to play with a Taiko drum group I was in four years ago?  WTF?

I think those privacy settings are a Good Thing (tm).  And that this is enough Facebook adventuresomeness for a while; let's just let it lie fallow and see what sprouts.

Monday, January 25, 2010

Lessons on Human Error, Re-learned Once Again

On a recent trip I had an experience showing the foolishness of trusting in human rationality.  After checking in to my hotel, I got to my room, and could not unlock the door.  It was the usual insert-magnetic-card lock, but when I did so either nothing happened, or it clicked quietly and a little red LED flashed.

I determined there were two possible answers: first, the card was bad; and second, the battery in the door reader was weak.  I returned to the desk, got new cards, and tried again.  Same failure mode with both cards.  While I was standing there despondently inserting the cards one after another, hoping things would change and I wouldn't have to trudge back downstairs and ask for another room, a hotel maintenance man came by, asked what the problem was, took one of the cards, and immediately opened the door.

What had happened?  As an external observer, you can probably guess, but I'll tell it in order, so you can see where things went wrong.

First, I had trouble locating the motel. It's on the northwest corner of an intersection, and I didn't know what it looked like.  I followed the GPS woman's advice to turn onto the side street, but saw nothing that resembled a Motel 6.  I looped around the block and approached from the other direction, at which point I could see the sign and the driveway (which was invisible and inaccessible from the side street).  This left me disgruntled.

Second, on arriving I was miffed to notice that I would have to pay extra for internet access during my stay.  Another negative, in this case attributed to the hotel itself.

Third, when juggling my luggage at the front desk, I put the keycard in my shirt pocket with my phone, remembering only as I approached the door a rumor that the docking hardware on the Motorola Droid could affect magnetic card strips.

At this point, I was predisposed to think poorly of the motel, and had reason to believe the card I'd been given wouldn't work.  That it didn't simply confirmed my predisposition.  When I went back, the desk manager reprogrammed my card, and gave me a second "just in case", strengthening my hypothesis that the cards were likely to be faulty.

I blame the fourth contributing factor most of all.  Here is a photo of the front and back of the card:

As you can see, the most important piece of information the card has to convey is that Domino's is the recommended local restaurant, and its number is helpfully provided in large type.  Now, when holding such a card up in front of you to read it, you would naturally place your thumb on the white part, just below the number.  When inserting it into the reader, you'll keep holding it that way.

Unless you want the door to open.  Then, apparently, you are to understand that the two-millimeter triangles on either side of the fine print (which warns of minimum pizza purchase requirements and that the drivers carry little cash) are not merely decoration, but are intended to tell you the direction in which the card is to be inserted.

The maintenance man, being familiar with the cards, immediately opened the door.  I had formed a hypothesis, and the outcomes of my experiments were consistent with that hypothesis, so I stuck with it.  The possibility of trying a different experiment, like turning the card around, didn't even occur to me.

Review: Rationality is strongly influenced by mood.  People, having formed an opinion, will tend to see the evidence that supports it.  In the absence of inconsistent evidence, people will rarely actively search for an alternative interpretation that contradicts their beliefs.  And input from an external party can disrupt the bad perspective, leading to better understanding.

None of this is news.  See, for example, James Reason, Human Error.  Relevance?

Well, it has clear relevance to most activities related to design and implementation of complex systems.  In particular, I have a new task to ensure high reliability in software used in a wireless sensor and control network.  What my experience has suggested is that, at a minimum, code reviews should be required for all changes that will go into a release of this software.

The process support for how we go about doing that is another essay.

Saturday, January 2, 2010

droid for now

The droid does not support streaming video in the browser.  Pretty much at all, though nobody actually says so: there's all kinds of noise about how to convert your videos so you can play them from the SD card, and people answering questions that weren't asked, but based on the 83'd bug against Android (I filed number 5756 this morning) it just can't be done.  Not much help when you want to be able to watch a live feed from a security camera, or stream a motion capture clip.

Of course, the pr0n folks have it figured out, but since there are no quality open source Real Time Streaming Protocol servers available--and even if there were I don't want to install, configure, and harden one--that's not really an option open to me.

In order to do what I really want with this thing, somebody needs to
  • Support streaming video in the standard browser
  • Support client certificates across all apps (at least browser and email)
  • Get an IMAP client that has a reasonable interface to a hierarchy of folders
All the other stuff (adding root certificate authorities, getting OpenVPN into my network)---that I can handle, but these are a bit much for a weekend project.

Oh, and will somebody please tell Google that in this world of distributed collaboration a calendar that doesn't associate a time zone with an event is just stupid?  Another story....

So the priority of getting the OpenVPN connection working dropped a little bit, and it's time to go back to CC430 tool chain support.

Friday, January 1, 2010

ah, technology....

So, Wednesday I got a Motorola Droid.  The theory being that, now that I'm working on things remotely connected to social networking, I should have a personal communications device capable of interacting with the Internet, whether that be web, Twitter, or whatever.  And this thing has a screen with enough resolution that it's actually pretty amazing.

And the main things I really wanted to do were get access to my internal web and mail servers.  Normally, this is done with OpenVPN, but an alternative would be to use client and server PKI certificates, which I'm also set up to handle.

How much has to be done to make the droid deal with this?  Let's see:

The simplest solution would be to load the thing up with client certificates and open my firewall using certificate-based authentication.  Can't be done.  First, I'm using a self-signed root certificate, and there's no facility to add a trusted one.  Solution?  Jailbreak the phone, get root, and update the cacerts.bks file.  Fortunately, they used the default password on the file, so I could do that.

Great, now the browser trusts my servers, but to ensure security now that I've opened my firewall up, I want the servers to authenticate the clients.  The Droid's browser and email infrastructure apparently won't send client certificates when servers request them.  I'm not sure what its certificate store actually does, then, because I *think* I successfully got one installed.  Something to look into, but for now certificate-based browser access is DOA.

Next thing is to let the device connect to my networks through a VPN.  The Droid supports a couple VPN alternatives, which appear to be Microsoft-based.  OpenVPN isn't one of them, and that's what I'm configured to use.  So: Do I rebuild my firewalls with a non-OpenVPN solution that the Droid maybe will support, or do I try to get OpenVPN to work?

Like hell I'm going to screw with my firewalls.  OpenVPN it is.  Already jailbroke the phone, so now it's a matter of grabbing a copy of the tun kernel module from somebody, OpenVPN from somebody else, a couple apps from Android Marketplace, and go.

So close: got the client on the droid connected to the server on my firewall.  Except I use bridged OpenVPN so all my machines look like they're on the same subnet.  Very convenient, except the droid doesn't have the bridge-utils package, it doesn't look like anybody ever made it, and even if they did this probably wouldn't work since the droid has a PPP connection not an Ethernet one, so there's nothing to bridge to.

So, after having turned off routed support in OpenVPN in my iptables rules and DNS configuration, apparently I'm going to have to put it back.  It'll have to be a separate OpenVPN server, because again I'm not going to screw up the ones that already work in bridged mode.  But in theory it should be possible.

Not tonight, though.
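As an added illustration of the routed server described above (this is example code, not the author's actual firewall configuration): a tun-based OpenVPN server on its own port, so it can coexist with an existing bridged (tap) server, together with the iptables forwarding rules that bridged mode never needed because VPN clients simply sat on the LAN segment. The port, interface names, subnets, DNS address and key paths are all assumed.

```shell
#!/bin/sh
# Added example: a routed OpenVPN server plus the firewall rules it needs.
# Everything below is assumed for illustration: interface names, subnets,
# port, key paths. Adjust to the real firewall before applying.
VPN_NET=10.8.0.0
VPN_MASK=255.255.255.0
VPN_CIDR=10.8.0.0/24
LAN_NET=192.168.1.0
LAN_MASK=255.255.255.0
LAN_CIDR=192.168.1.0/24
LAN_DNS=192.168.1.1
WAN_IF=eth0
LAN_IF=eth1
VPN_PORT=1195   # second server, so it does not collide with the bridged one

# Routed server config: "dev tun" and "server" hand each client an address in
# VPN_NET and route it, so no bridge (and no bridge-utils) exists on either end.
# A bridged server would instead use "dev tap0" and "server-bridge ...".
routed_server_conf() {
cat <<EOF
port $VPN_PORT
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
server $VPN_NET $VPN_MASK
push "route $LAN_NET $LAN_MASK"
push "dhcp-option DNS $LAN_DNS"
keepalive 10 120
persist-key
persist-tun
verb 3
EOF
}

# Forwarding rules: with routing instead of bridging, the firewall must let
# traffic cross from tun0 to the LAN, and the LAN hosts need a return path.
# MASQUERADE gives them one without adding a route on every host; drop that
# rule if the firewall is already their default gateway.
routed_fw_rules() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A INPUT -i $WAN_IF -p udp --dport $VPN_PORT -j ACCEPT
iptables -A FORWARD -i tun0 -o $LAN_IF -s $VPN_CIDR -d $LAN_CIDR -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $VPN_CIDR -o $LAN_IF -j MASQUERADE
EOF
}

# Print both so they can be reviewed before being written to /etc/openvpn
# and applied; nothing here changes the running system by itself.
echo "# --- server-routed.conf ---"
routed_server_conf
echo "# --- firewall rules ---"
routed_fw_rules
```

The important contrast with the bridged setup is the `server` line plus `push "route ..."`: clients get their own subnet and a route to the LAN rather than a LAN address, which is exactly why the firewall now needs FORWARD rules and the DNS server has to be pushed explicitly.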